1505 matches found
openSUSE 16 Security Update : mapserver (openSUSE-SU-2026:20476-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20476-1 advisory. Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo...
EUVD-2026-14411
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...
MAL-2026-1564 Malicious code in transform-es2015-spread (npm)
The package 'transform-es2015-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
CVE-2025-59870
Summary: CVE-2025-59870 affects HCL MyXalytics web applications. The issue is improper management of a static JWT signing secret that is not rotated, creating a risk to confidentiality and integrity. The cited sources consistently describe the secret as static and non-rotated across multiple feed...
Malicious code in yunxohang10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5afa709f3be67acbb1d69b61e6897f6743d7feb8f9cb31e8b0109223c403858c The package yunxohang10 was found to contain malicious code. Source: ghsa-malware 5d4bc174ce0500df2bcfb0be9787d728083db08a933b9eb56bbe52e1cf37bfd1 An...
MAL-2026-152 Malicious code in week-4-node-modularization (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0183bf3fb4823612b5a0668f2fc3e58fe3de5ee161fa9acd80244e0400dc40b9 The package week-4-node-modularization was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-native-phone-call (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e134ec88971e1ecadce79d1699bde00b798633b1ef9a0f6ebb2dbf67a51cdf5 The package react-native-phone-call was found to contain malicious code. Source: ghsa-malware...
Malicious code in lite-serper-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4004eeb497395a7e5423b056c76905cd2679f242fc432352479ee7b657383084 The package lite-serper-mcp-server was found to contain malicious code. Source: ghsa-malware...
Malicious code in open2internet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbe1cf5da09eaf98a63e880a56f10409eaec90f40d9d3a7938b4bea09aeada36 The package open2internet was found to contain malicious code. Source: ghsa-malware 7df2207057942014062d4c686449d02043f6f221e63ee8014453f995f1429200...
MAL-2025-190629 Malicious code in loliloli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49613dc24146ca83bc9bd4c3192468ff9b16fc61797e4b79a957d79f98d3552b The package loliloli was found to contain malicious code. Source: ghsa-malware 6188273fee11225ff9b29efe7923768ac1792c131fd40768f5127839c6be6ceb Any...
MAL-2025-49256 Malicious code in custom-tg-bot-plan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10cef01d344d07be2f72b365cb97f994a5cea38eef145b5b25de21f1784cd740 The package custom-tg-bot-plan was found to contain malicious code. Source: ghsa-malware...
MAL-2025-49260 Malicious code in hemi-viem-stake-actions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1d9184337bc393349d525de921a714d1d1b7d49ccac08cc2d35ff378627971a The package hemi-viem-stake-actions was found to contain malicious code. Source: ghsa-malware...
Malicious code in redirect-pqigpl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a23043000ec60bf8a39722f2c90862e102688439bf747cb5f1d52e96e8dd9f76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47558 Malicious code in internallib_v354 (npm)
The package internallibv354 was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9fe6620f0f8ef12778be7f072b28dc3549b66d2db5da15e09040ba641a14d357 Any computer that has this package installed or running should be considered fully...
Malicious code in @yoobic/yobi (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f973d949e3a5ae002289cfd3e93009c3a8122535b1f75f0363bd8e2c04a2548 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in sos-models (npm)
The package sos-models was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7171745aec44dc0f96e3426f39966e6f22281703919bc10a7a161efef9b928cf Any computer that has this package installed or running should be considered fully compromise...
MAL-2025-47059 Malicious code in flashbot-sdk-eth (npm)
The package flashbot-sdk-eth was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52a62baf78e0196a1a1b9281fdbc9a6739bdac59ba497de64a461a107a173f97 Any computer that has this package installed or running should be considered fully...
Malicious code in byaziine_validator (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f12a2c76230f3f02e4f5f0e1b7124c3fcdafddd9b28e6083e61b3c2a92f96eb Any computer that has this package installed or running should be considered...
Malicious code in hashcrypt265 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ed2e7d3a679ee09744c353542b2a412a7dd42d27c1a3f97e8d6d266eb409b92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3873 Malicious code in arcnagacha (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a3dd2e7d9a6e46241619d32ad08253b979773786a3bbec2e3116240d51a7898 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...